Of course, other operating systems are vulnerable as well. The problem is more that for a long time the security model of Linux was that an attacker is interested in getting root access. This hasn't been true anymore since DDoS attacks, crypto mining, etc. became a thing. And in recent years, attacks have moved towards phishing, crypto lockers, etc. Though Linux for a long time still had the model that an application has the same rights as a user. As a result, virtually every app is able to use an audio device if the user has the right permissions and/or eavesdrop on other applications and limited possibilities for access control:
Similarly, X11 applications can snoop on keystrokes, mouse events, and other applications, etc.
Luckily, there has been a strong push to change things. E.g. Pipewire is going to provide access control for sound devices and cameras, Wayland provides more GUI isolation between applications, and Flatpak/Bubblewrap are introducing application sandboxing at a larger scale.
> X11 applications can snoop on keystrokes, mouse events, and other applications, etc
Not just "X11 applications" but any process that can open your X unix domain socket (usually at somewhere like /tmp/.X11-unix/X0) or, god help you, connect to tcp://localhost:$((6000 + $DISPLAY_NUMBER)).
Perhaps it's because Mac hardware is fairly homogeneous, so it's relatively easy to write software that targets every model.
Who knows how many cameras and audio input devices exist for generic PCs. Probably most of them use standard APIs you could interrogate, but I bet not all of them.
